On Sun, 14 May 2017, Boyuan Yang wrote:
Hi,
> I am worried about the status of FusionForge (and thus the development workflow
> around Alioth) for Debian.
>
> Recently I had a discussion on #alioth @OFTC asking for the possibility or
> plan of upgrading alioth.debian.org from Wheezy to newer Jessie or Stretch. We
> know Wheezy *is* EOL now with extended LTS support till 2018/05. One of the
> admins ("formorer") said things won't change till Wheezy LTS EOL since
> upgrading will surely break fusionforge and **no one** can fix fusionforge
> after that. The last person who touched FusionForge is Roland Mas (in CC
> list). In my understanding that means fusionforge is already in an
> unmaintained state even for now.
>
> Wheezy LTS EOL will arrive within one year. After that the unavailability of
> Alioth will surely break everything around Alioth: the Alioth account system,
> Git/SVN/CVS repository and web interfaces, alioth maillist and so on. Debian's
> development workflow will just break down. And I believe people will not accept
> a platform with security holes as one of Debian's basic infrastructures.
>
> As a result, I'm writing to suggest we find an answer to such a problem soon.
> Migration to Jessie or Stretch with new FusionForge version might be possible.
> Or we should just drop outdated FusionForge and move to some modern platforms
> like GitLab (with an alternated workflow possibly).
>
> There are much room for discussion but we should start evaluation without
> delay, since migration would take much time and the time left is pretty
> limited.
Here are my two cents and current plans:
I don't think alioth as it is has a future. It is too overloaded, a bad
software base and not well maintained (I am sorry for that).
I think that we should move the relevant services into new hosts/services. In
the first step that would be:
Must have:
- Account management - I am thinking about using freeipa for that
- Git Hosting - we want to give pagure [1] a try, which uses gitolite, which is a
nice git solution. Regarding Hooks, no, we don't want anyone to use
arbitrary hooks. This is just opening a (security) can of worms. But we
want to provide hooks as a service. Pagure also has issue tracking.
Nice to have:
- SVN / CVS Hosting (SVN as there a still a lot of users and CVS for webml)
- Mailinglists
Things I/we don't want in the future:
- Shell Hosting
- More or less obsolete Version Controlsystems, like Darcs, Bazar and so on.
We should strip down the future set to a working and maintainable minimum.
Just my 2 cent
Alex - Alioth Admin
[1] https://www.freeipa.org/page/Main_Page
[2] http://pagure.io
Attachment:
signature.asc
Description: PGP signature